I received a warning from Google ......

[Dustin]

~BD~ <BoaterDave~no.spam~@hotmail.co.uk> wrote in
news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com:

> /I/ think *Dustin* is wrong. I believe that installing an anti-virus
> programme on an already compromised machine is, in all probability,
> a futile exercise.

LOL, you would certainly be in the minority if you think I was wrong in
the advice I provided concerning malware. Remember one important aspect,
****stick; I know malware from two sides: coding it AND removing it. You
don't even know it well from the removal side.

> I'd be interested to learn the views of others on this particular
> matter.

And atleast one knowledgable fellow posted, further clarifying what I
said and agreeing with me.

Any more **** you'd like to try and stir, moron?




--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.

[~BD~]

Dustin wrote:
> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com:
>
>> /I/ think *Dustin* is wrong. *I believe that installing an anti-virus
>> programme on an already compromised machine is, in all probability,
>> a futile exercise*.
>
> LOL, you would certainly be in the minority if you think I was wrong in
> the advice I provided concerning malware. Remember one important aspect,
> ****stick; I know malware from two sides: coding it AND removing it. You
> don't even know it well from the removal side.

I regret to advise you that you are well behind the times, young man!

*Much* has changed since you were a 'script kiddie', Dustin.

>> I'd be interested to learn the views of others on this particular
>> matter.
>
> And atleast one knowledgable fellow posted, further clarifying what I
> said and agreeing with me.

FTR made an excellent reply, for which I thank him. Cheers, FTR!

However, if you read what he said again, carefully, you might understand
that he was not in /full/ agreement with what you had said.

> Any more **** you'd like to try and stir, moron?

I simply want you to understand that you are *not* God's Gift to
fighting Cybercrime, Dustin. Much has happened in recent years and the
*really* bad guys are *much* more clever that /you/ have ever been - or
will ever be. Believe me! ;-)

--
Dave

[Dustin]

~BD~ <BoaterDave~no.spam~@hotmail.co.uk> wrote in
news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d@bt.com:

> Dustin wrote:
>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com:
>>
>>> /I/ think *Dustin* is wrong. *I believe that installing an
>>> anti-virus programme on an already compromised machine is, in all
>>> probability, a futile exercise*.
>>
>> LOL, you would certainly be in the minority if you think I was
>> wrong in the advice I provided concerning malware. Remember one
>> important aspect, ****stick; I know malware from two sides: coding
>> it AND removing it. You don't even know it well from the removal
>> side.
>
> I regret to advise you that you are well behind the times, young
> man!

Let's say for a moment I was behind the times; I'm *still* lightyears
ahead of you if that was the case.

> *Much* has changed since you were a 'script kiddie', Dustin.

I didn't do any script kiddie style work, BD. Mine we're actual exe
infectors.


>>> I'd be interested to learn the views of others on this particular
>>> matter.
>>
>> And atleast one knowledgable fellow posted, further clarifying what
>> I said and agreeing with me.
>
> FTR made an excellent reply, for which I thank him. Cheers, FTR!
>
> However, if you read what he said again, carefully, you might
> understand that he was not in /full/ agreement with what you had
> said.

Difference of opinion, not only was he in agreement; he actually
explained why.

>> Any more **** you'd like to try and stir, moron?
>
> I simply want you to understand that you are *not* God's Gift to
> fighting Cybercrime, Dustin. Much has happened in recent years and
> the *really* bad guys are *much* more clever that /you/ have ever
> been - or will ever be. Believe me! ;-)

BD, your a complete and utter ****ing fool. Nothing has changed, the
technology and the methods for doing the nasties is still VERY MUCH the
same. The underlying principles are what causes this, ****stick.




--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.

[~BD~]

Dustin wrote:
> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
> news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d@bt.com:
>
>> Dustin wrote:
>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com:
>>>
>>>> /I/ think *Dustin* is wrong. *I believe that installing an
>>>> anti-virus programme on an already compromised machine is, in all
>>>> probability, a futile exercise*.
>>>
>>> LOL, you would certainly be in the minority if you think I was
>>> wrong in the advice I provided concerning malware.

[....]


What FTR actually said .....

"True, it could be installed and be kept from accessing certain areas by
a rootkit".

Do you *really* disagree with that?

[Dustin]

~BD~ <BoaterDave~no.spam~@hotmail.co.uk> wrote in
news:ifCdnZBsxp-fPPjRnZ2dnUVZ8vadnZ2d@bt.com:

> Dustin wrote:
>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>> news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d@bt.com:
>>
>>> Dustin wrote:
>>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com:
>>>>
>>>>> /I/ think *Dustin* is wrong. *I believe that installing an
>>>>> anti-virus programme on an already compromised machine is, in
>>>>> all probability, a futile exercise*.
>>>>
>>>> LOL, you would certainly be in the minority if you think I was
>>>> wrong in the advice I provided concerning malware.
>
> [....]
>
>
> What FTR actually said .....
>
> "True, it could be installed and be kept from accessing certain
> areas by a rootkit".

A rootkit still has to play by certain hardrules; nothing can be hidden
completely. Some in house developed tools for prior work with
malwarebytes are likely useful in such a scenario.

I didn't say I couldn't do it without any tools. I just said I wouldn't
provide details. And what would be the point in doing so anyway? You
wouldn't understand what I was writing about... and I'd just be
providing information to anyone interested in circumventing technology
rootkit style. While I don't feel it's information that they couldn't
acquire on their own, I see no real point in.. well, advancing the
technology ahead of schedule.

> Do you *really* disagree with that?

Of course not, a rootkit is nothing more than stealth; BD. However,
it's not foolproof. The old addage is this: "Whatever software can do,
software can undo."; That does *not* include crypto, however. Another
beast entirely.

To further on my post previous to you BD, Technology and the underlying
principles hasn't really changed that much. Computers are faster now,
sure; but they still follow the same laws if you will that the older
ones did. In the DOS days, TSR software could be what you would say is
a rootkit in the windows world; providing it was instructed to hide
folders from dir or windows explorer *g*.


--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.

[FromTheRafters]

"Dustin" <bughunter.dustin@gmail.com> wrote in message
news:Xns9DD3B747B5F97HHI2948AJD832@no...

[...]

> The old addage is this: "Whatever software can do,
> software can undo."; That does *not* include crypto,
> however. Another beast entirely.

It can be sucessfully argued that it still holds even for crypto. The
thing is, the length of time required to do the undoing outlasts the
value of the retrieved information, so it wouldn't be worth it. In fact
the time scales involved in software reversing of long keylength crypto
may be greater than the age of the universe or perhaps even of its
future expected lifespan (whatever that might be) but I don't see how
that could ever be provable.

[Wolf K]

On 13/08/2010 18:43, FromTheRafters wrote:
> "Dustin"<bughunter.dustin@gmail.com> wrote in message
> news:Xns9DD3B747B5F97HHI2948AJD832@no...
>
> [...]
>
>> The old addage is this: "Whatever software can do,
>> software can undo."; That does *not* include crypto,
>> however. Another beast entirely.
>
> It can be sucessfully argued that it still holds even for crypto. The
> thing is, the length of time required to do the undoing outlasts the
> value of the retrieved information, so it wouldn't be worth it. In fact
> the time scales involved in software reversing of long keylength crypto
> may be greater than the age of the universe or perhaps even of its
> future expected lifespan (whatever that might be) but I don't see how
> that could ever be provable.

Read up on the relevant math. You won't be able to imagine the orders of
magnitude involved, but you will be able to understand the notation. ;-)

cheers,
wolf k.

[FromTheRafters]

"~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
news:ifCdnZBsxp-fPPjRnZ2dnUVZ8vadnZ2d@bt.com...
> Dustin wrote:
>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>> news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d@bt.com:
>>
>>> Dustin wrote:
>>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com:
>>>>
>>>>> /I/ think *Dustin* is wrong. *I believe that installing an
>>>>> anti-virus programme on an already compromised machine is, in all
>>>>> probability, a futile exercise*.
>>>>
>>>> LOL, you would certainly be in the minority if you think I was
>>>> wrong in the advice I provided concerning malware.
>
> [....]
>
>
> What FTR actually said .....
>
> "True, it could be installed and be kept from accessing certain areas
> by a rootkit".
>
> Do you *really* disagree with that?

One thing you are apparently not getting the significance of is that the
"installation software" for the proposed AV that you want to install on
the "compromised" machine likely has its own detection software for
known malware (including some rootkits) *and* rootkit detection software
that alerts to inconsistancies in what is presented through APIs to the
other tools due to filter drivers and the like.

It may be impossible to install such AV programs on a "compromised"
machine, if the preinstallation detection software is aware of, yet not
capable of removing detected malicious activity - it may tell you that
you need to address the other issue before attempting to install that
software (I'm not aware of this actually happening though).

The most likely scenario is that the installation goes off smoothly
without a hitch on *most* compromised machines (removing the compromise
in the process) - which, I believe, is Dustin's point.

[David H. Lipman]

From: "FromTheRafters" <erratic@nomail.afraid.org>

| "~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
| news:ifCdnZBsxp-fPPjRnZ2dnUVZ8vadnZ2d@bt.com...
>> Dustin wrote:
>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>> news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d@bt.com:

>>>> Dustin wrote:
>>>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>>>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com:

>>>>>> /I/ think *Dustin* is wrong. *I believe that installing an
>>>>>> anti-virus programme on an already compromised machine is, in all
>>>>>> probability, a futile exercise*.

>>>>> LOL, you would certainly be in the minority if you think I was
>>>>> wrong in the advice I provided concerning malware.

>> [....]


>> What FTR actually said .....

>> "True, it could be installed and be kept from accessing certain areas
>> by a rootkit".

>> Do you *really* disagree with that?

| One thing you are apparently not getting the significance of is that the
| "installation software" for the proposed AV that you want to install on
| the "compromised" machine likely has its own detection software for
| known malware (including some rootkits) *and* rootkit detection software
| that alerts to inconsistancies in what is presented through APIs to the
| other tools due to filter drivers and the like.

| It may be impossible to install such AV programs on a "compromised"
| machine, if the preinstallation detection software is aware of, yet not
| capable of removing detected malicious activity - it may tell you that
| you need to address the other issue before attempting to install that
| software (I'm not aware of this actually happening though).

| The most likely scenario is that the installation goes off smoothly
| without a hitch on *most* compromised machines (removing the compromise
| in the process) - which, I believe, is Dustin's point.


That a case of an in situ installation of a fully installed AV soloution.

That's not the case of of the hard disk being removed and placed within a surrogate.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Dustin]

"FromTheRafters" <erratic@nomail.afraid.org> wrote in
news:i44jam$47j$1@news.eternal-september.org:

> "~BD~" <BoaterDave~no.spam~@hotmail.co.uk> wrote in message
> news:ifCdnZBsxp-fPPjRnZ2dnUVZ8vadnZ2d@bt.com...
>> Dustin wrote:
>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>> news:KNSdnZ_Wh89i4PnRnZ2dnUVZ8ridnZ2d@bt.com:
>>>
>>>> Dustin wrote:
>>>>> ~BD~<BoaterDave~no.spam~@hotmail.co.uk> wrote in
>>>>> news:35SdnQv8T-xdsvnRnZ2dnUVZ8mqdnZ2d@bt.com:
>>>>>
>>>>>> /I/ think *Dustin* is wrong. *I believe that installing an
>>>>>> anti-virus programme on an already compromised machine is, in
>>>>>> all probability, a futile exercise*.
>>>>>
>>>>> LOL, you would certainly be in the minority if you think I was
>>>>> wrong in the advice I provided concerning malware.
>>
>> [....]
>>
>>
>> What FTR actually said .....
>>
>> "True, it could be installed and be kept from accessing certain
>> areas by a rootkit".
>>
>> Do you *really* disagree with that?
>
> One thing you are apparently not getting the significance of is that
> the "installation software" for the proposed AV that you want to
> install on the "compromised" machine likely has its own detection
> software for known malware (including some rootkits) *and* rootkit
> detection software that alerts to inconsistancies in what is
> presented through APIs to the other tools due to filter drivers and
> the like.
>
> It may be impossible to install such AV programs on a "compromised"
> machine, if the preinstallation detection software is aware of, yet
> not capable of removing detected malicious activity - it may tell
> you that you need to address the other issue before attempting to
> install that software (I'm not aware of this actually happening
> though).
>
> The most likely scenario is that the installation goes off smoothly
> without a hitch on *most* compromised machines (removing the
> compromise in the process) - which, I believe, is Dustin's point.
>
>
>

Nicely put, FTR..


--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.